
[Closed] Hijackthis Log - Please Help!


This topic is locked
2 replies to this topic

#1 jskinner23


Posted 30 August 2007 - 11:04 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:01:15 PM, on 8/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\sv3963\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\System32\KB_963491.exe
C:\WINDOWS\bjam.exe
C:\WINDOWS\System32\psncc32.exe
C:\WINDOWS\System32\eddesp.exe
C:\WINDOWS\System32\vmddnst.exe
C:\WINDOWS\System32\sdvlibswr.exe
C:\WINDOWS\System32\filsemd.exe
C:\WINDOWS\System32\svehost.exe
C:\WINDOWS\System32\atlamgbg.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\frmwrk.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\DOBE~1\notepad.exe
C:\Program Files\WinPop\winpop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchots.exe
C:\PROGRA~1\COMMON~1\qkoi\qkoim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ISM\ISMModule3.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\confbzfc.exe
C:\WINDOWS\System32\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wnset.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\clcl14.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.winantivir...x=1/ed=1/ex=1//
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://go.winantivir...x=1/ed=1/ex=1//
F3 - REG:win.ini: load=C:\WINDOWS\sv3963\svchost.exe
O2 - BHO: C:\WINDOWS\System32\sder4gh.dll - {25AD49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\sder4gh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9
1894E754BE54C29159A7DA197C7734672DE39576CAC59B6
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963491.exe"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [WinPop] C:\WINDOWS\bjam.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adlhidp] C:\WINDOWS\System32\psncc32.exe
O4 - HKLM\..\Run: [lcuise] C:\WINDOWS\System32\eddesp.exe
O4 - HKLM\..\Run: [vtdlpse] C:\WINDOWS\System32\vmddnst.exe
O4 - HKLM\..\Run: [trivisls] C:\WINDOWS\System32\sdvlibswr.exe
O4 - HKLM\..\Run: [nbkarts] C:\WINDOWS\System32\filsemd.exe
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl14] C:\WINDOWS\System32\clcl14.exe
O4 - HKLM\..\Run: [fcidmpa] C:\WINDOWS\System32\atlamgbg.exe
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [vclidsr] confbzfc.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aosr] "C:\PROGRA~1\COMMON~1\DOBE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [Kvajkwd] C:\WINDOWS\system32\F?nts\??rss.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchots.exe
O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wnset.exe
O4 - HKCU\..\Run: [adlhidp] C:\WINDOWS\System32\psncc32.exe
O4 - HKCU\..\Run: [lcuise] C:\WINDOWS\System32\eddesp.exe
O4 - HKCU\..\Run: [vtdlpse] C:\WINDOWS\System32\vmddnst.exe
O4 - HKCU\..\Run: [trivisls] C:\WINDOWS\System32\sdvlibswr.exe
O4 - HKCU\..\Run: [nbkarts] C:\WINDOWS\System32\filsemd.exe
O4 - HKCU\..\Run: [qkoi] C:\PROGRA~1\COMMON~1\qkoi\qkoim.exe
O4 - HKCU\..\Run: [fcidmpa] C:\WINDOWS\System32\atlamgbg.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [vclidsr] confbzfc.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.mcafee.com
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.errorsafe...w...034&affid=3
O20 - AppInit_DLLs: C:\WINDOWS\System32\hadjajr.ini
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: CSfpe - {ACBEA24C-0614-08E6-F62D-BA589FF553F8} - C:\WINDOWS\System32\gpbx.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\grprdvx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


#2 Trevuren


Posted 30 August 2007 - 12:55 PM

Hello jskinner23 and welcome to What the Tech.

My name is Trevuren and I will be helping you with your problem.


You don't appear to be running any anti-virus software

Anti-virus software consists of programs that detect, clean, and/or erase harmful virus files on a computer. Unchecked, virus files can unintentionally be forwarded to others, and thereby spread infection. Keeping your anti-virus updated is essential.

Please download free anti-virus software from one of these excellent vendors NOW:

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


You don't appear to have a software firewall running

It is important that you use a software firewall, to prevent unauthorized traffic both out of and into your computer.
If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install one of these excellent (and free) products:

It is important to note that you should only have one firewall installed at a time.


Once both of the programs have been installed, please run HijackThis again and post a new log.

Regards,

Trevuren

Edited by Trevuren, 30 August 2007 - 12:57 PM.

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.



#3 Trevuren


Posted 09 September 2007 - 09:11 AM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.